package io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal;

import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.gateway.handler.common.certificate.CertificateManager;
import io.gravitee.am.gateway.handler.common.jwt.JWTService;
import io.gravitee.am.model.User;
import io.gravitee.am.model.oidc.Client;
import io.vertx.core.Handler;
import io.vertx.rxjava3.ext.web.RoutingContext;
import java.time.Instant;
import java.util.Optional;
import org.springframework.core.env.Environment;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/impl/internal/ForceResetPasswordStep.class */
public class ForceResetPasswordStep extends AuthenticationFlowStep {
    private final JWTService jwtService;
    private final CertificateManager certificateManager;
    private final Long tokenExpiresAfter;

    public ForceResetPasswordStep(Handler<RoutingContext> handler, JWTService jWTService, CertificateManager certificateManager, Environment environment) {
        super(handler);
        this.jwtService = jWTService;
        this.certificateManager = certificateManager;
        this.tokenExpiresAfter = (Long) environment.getProperty("user.resetPassword.token.expire-after", Long.class, 300L);
    }

    @Override // io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.AuthenticationFlowStep
    public void execute(RoutingContext routingContext, AuthenticationFlowChain authenticationFlowChain) {
        if (Optional.ofNullable(routingContext.user()).isEmpty()) {
            authenticationFlowChain.doNext(routingContext);
            return;
        }
        User user = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
        Client client = (Client) routingContext.get("client");
        if (user == null || !Boolean.TRUE.equals(user.getForceResetPassword())) {
            authenticationFlowChain.doNext(routingContext);
            return;
        }
        JWT jwt = new JWT();
        jwt.setSub(user.getId());
        jwt.setAud(client.getId());
        Instant now = Instant.now();
        jwt.setIat(now.getEpochSecond());
        jwt.setExp(now.plusSeconds(this.tokenExpiresAfter.longValue()).getEpochSecond());
        jwt.put("q", routingContext.request().query());
        routingContext.put("token", (String) this.jwtService.encode(jwt, this.certificateManager.defaultCertificateProvider()).blockingGet());
        routingContext.put("return_url", routingContext.request().uri());
        authenticationFlowChain.exit(this);
    }
}
